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DETAILED ACTION 
Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-2, 4-6, 18, 35, 38-40, 49-50, 54, 56-57, 61-62, 65-66, 71, 73, and 86 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over Rallis(6,425,084) in view of 
Molva(5,347,580). 

3. As per claims 1, 18, 35, 49, 54, 61, 71, 86, Rallis et al. discloses compact personal 
token(20)(see fig. IB, sheet 1), a USB-compliant interface releaseabiy(14) coupleable to a host 
processing device(10)(see fig. lA, sheet 1); a token memory; a processor, communicatively 
coupled to the memory and communicatively, coupleable to the host processing device via the 
USB-compliant interface(see fig. 1 A, IB, sheet 1, col. 3, lines 4-17), the token processor for 
providing the host processing device conditional access to data storable in the memory(see col. 2, 
lines 58-66); and a user input device, communicatively coupled to the processor by a path 
distinct fi*om the USB-compliant interface, for accepting an input signaling authorization of a 
processor operation(see col. 2, lines 63-67, fig. 1 A, sheet 1). The Examiner asserts that access to 
private data is secured, because only the authorized user with the Pin can access the host 
computer system. Rallis does not disclose "for processing by the processor to signal 
authorization of a processor operation' providing access to the user private data", "in response to 
a message received in the token fi-om the host processing device via the USB-compliant interface 



Application/Control Number: 09/449, 1 59 Page 3 

Art Unit: 2131 

invoking the processor operation". The Examiner asserts that Rallis does disclose this, because 
Rallis discloses power and command messages from the notebook computer that contains a 
processor, and response messages from the key device(see col. 2, lines 1, lines 46-58). The 
Examiner asserts that the user private data of the notebook computer is not allowed to be 
accessed, until the user is validated, because Rallis discloses the key device is used in 
conjunction with the notebook computer to prevent unauthorized user's from gaining access to 
the notebook computer(see col. 2, lines 58-66). Rallis is silent on wherein user authentication 
occurs on the token. However, Molva discloses wherein the user authentication occurs on the 
token(see col. 4, lines 56-64). It would have been obvious to one of ordinary skill in the art at 
the time of the invention to include user authentication occurs on the token of Molva with Rallis, 
the motivation is that the smartcard containing information that is used to authenticate the user 
reduces the user's ability to change his secrets with the ability to update the card's storage(see 
col. 4, lines 62-64). 

4. As per claims 2, 38, Rallis discloses wherein the path is entirely internal to the token(see 
col. 1, lines 62-67). 

5. As per claim 4, Rallis discloses wherein the private data is designated as requiring 
authorization before access by an associated identification stored in the memory(see col. 1, lines 
61-67, col. 2, lines 62-66). 

6. As per claims 5, 39, 65, 73, Rallis discloses wherein the input device includes at least one 
pressure-sensitive device actuatable from an exterior surface of the token(see col. 5, lines 46-50). 

7. As per claims 6, 40, 66, Rallis et al. discloses wherein the input device comprises at least 
one push-button switch(see col. 5, lines 46-50). 
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8. As per claims 50, 57, Rallis et al. inherently discloses wherein the user input device 
includes a character input device, because Rallis discloses a user has to enter a pin(see col. 1, 
lines 62-67). 

9. As per claim 62, Rallis et al. discloses wherein the user input device is configured to 
control an operation of the processor(see col. 2, lines 59-67) . 

10. As per claim 56, Rallis discloses, wherein the user output device is coupled to the 
processor by a path distinct from the USB-compliant interface(see col. 6, lines 7-22). 

11. As per claim 86, Rallis discloses authorizing access to private data stored in a token 
having a processor communicatively coupleable to a host processor via a Universal Serial Bus 
(USB) interface, comprising the steps of accepting a command in the token invoking a processor 
operation; and signaling the processor operation via a user output device(see col. 1, lines 62-67, 
col. 2, lines 62-66, see fig. 1 A, sheet 1). 

12. Claims 7-10, 12-15, 19-26, 28-31, 34, 36-37, 41, 43-46, 63-64, 67-69, 72, 74-77, 80-83, 
85, 87, and 89 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rallis-Molva et al 
in view of Kobielus. 

13. Claims 7, 74, 81, 82, Rallis-Molva combination does not disclose an output device, 
coupled to the processor by a second path distinct from the USB-compliant interface, for 
prompting a user to provide an authorization of a processor operation. Kobielus teaches the 
output device that is the LCD. The Examiner asserts that it is a path distinct from the USB- 
compliant interface, because Rallis discloses the USB-compliant interface that has a USB port is 
located on the computer(see fig. 1 A, sheet 1). The LCD of Kobielus it taught as being on the 
token. 
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14. It would have been obvious to one of ordinary skill in the art to combine Rallis-Molva 
with Kobielus, because both are analogous for providing a token to a user in order to gain access 
to computer. The motivation to include an output device such as a LCD is, the LCD display's 
the access code in Kobielus. Kobielus discloses that SecurlD does a challenge and response 
process that generates an access code, and the user entered the pin plus the access code that is 
displayed on the token's LCD. 

15. The same motivation applies above, same motivation applies above, the Examiner asserts 
that in regards to claims 8, 21, 36, and 75, the path and the second path are a common path, 
because the paths work together in order to communicate(see Rallis and Kobielus). 

16. Claims 9, 19, 77, and 80, 10, 12, 28, 41, 43, 67, 68-69, 76, 89, Rallis-Molva is silent for 
output device. However, Kobielus teaches an output device, such as a LCD. It would have been 
obvious to one of ordinary skill in the art to combine Rallis with Kobielus, because both are 
analogous for providing a token to a user in order to gain access to computer. The motivation to 
include an output device such as a LCD is, the LCD display's the access code in Kobielus. 
Kobielus discloses that SecurlD does a challenge and response process, that generates an access 
code, and the user entered the pin plus the access code that is displayed on the token's LCD. 

17. As per claim 20, Rallis discloses wherein the output device is communicatively coupled to 
the processor by a second communication path distinct from the USB-compliant interface (see 
fig. lA, sheet 1). 

18. As per claim 23, Rallis discloses wherein the path is entirely internal to the token(see col. 
1, lines 62-67). 
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19. As per claim 24, Rallis discloses wherein the input device includes at least one 
pressure-sensitive device actuatable from an exterior surface of the token(see col. 5, lines 46-50). 

20. As per claim 25, Rallis et al. discloses wherein the input device comprises at least one 
push-button switch(see col. 5, lines 46-50), 

21. Claims 11, 27, 42, and 70, 84, are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rallis-Molva et al in view of Kobielus and further in view of Smith et al 

22. As per claims 1 1, 27, 42, 70, 84 Rallis-Molva nor Kobielus does not disclose an aural 
device. However, Smith et al. discloses an aural device(see col. 2, lines 32-36). It would have 
been obvious to modify Rallis-Molva and Kobielus with Smith, because Smith et al. discloses a 
buzzer that is designed to warn the user of imminent interruption of power(see col. 2, lines 32- 
36). Thus, an aural device is a warning signal to warn the user of activity. 

23. Claims 13, 22, 26, 29, and 34, 44, 14, 30, 37, 45, 15, 31, 46, Rallis-Molva does not 
disclose a private key. However, Kobielus teaches a private key. Both Rallis-Molva and 
Kobeilus are analogous in the art of token's. It would have been obvious to one of ordinary skill 
in the art to modify Rallis with Kobeilus, because Kobelius teaches the token uses a secret 
algorithm and key to produce a onetime, nonrepeatable session password that is displayed on the 
LCD(output). The Examiner asserts that by using a secret algorithm that is changed every 
minute is more secure. 

24. Claims 63, 72, 83, 87, Rallis-Molva does not disclose an encryption and decryption. 
However, Kobielus discloses encryption and decryption. It would have been obvious to one of 
ordinary skill in the art at the time of the invention to modify Rallis-Molva with Kobielus, 
because Kobielus teaches that a token can contain a digital signature that is hashed and encrypted 
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with the originator's private key production the digital signature string that is then attached to 
and transmitted with the original object, along with a public key that can be used to validate it. 
The recipient can verify the digital signature by decrypting it with the originator's public key. 

25. Claim 64, Rallis-Molva does not disclose a digital signature. However, Kobielus teaches 
a digital signature. It would have been obvious to one of ordinary skill in the art at the time of 
the invention to modify Rallis-Molva with Kobielus, because Kobielus teaches that a digital 
signature authenticates the originator of an object and attests to the fact that the object has not 
been altered. 

26. As per claim 85, Rallis discloses further comprising an input device, communicatively 
coupled to the processor by path distinct from the USB-compliant interface, for providing 
information for the operation of the processor(see fig. lA, sheet 1). 

27. As per claims 51-52, 58-60 are allowable because, in prior art there is no token or key that 
contains a wheel that a user can select to input characters, there is also no prior art that discloses 
two pressure sensitive devices in order to input characters. As per claim 53 is objected to as 
being rejected on base claim 49, for the same reason above. 

Response 

28. The Applicant has amended independent claims to include, wherein the user authentication 
occurs on the token(please see above for explanation). 

29. Claim 53 is still objected to as being rejected on base claim 49. 
limitation. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jenise E Jackson whose telephone number is (571) 272-3791. 
The examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) alternate Friday's. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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